DETAILED ACTION

1. An amendment received on 12/27/06 has been entered and carefully considered. 

1. Applicant's amendment introduced new limitations into independent claims 1, 7, 21,
26 and 30-31. The newly introduced limitation has required a new search and 
consideration of the pending claims. The new search has resulted in newly 
discovered prior art. New grounds of rejection based on the newly discovered prior 
art follow below. 

2. The text of those sections of Title 35, U.S. Code not included in this action can be 
found in a prior office action. 

Response to Amendment 

2. Applicant arguments are mainly directed towards the independent claim 1 that is 
substantially similar (also similarly amended) to independent claims 7, 21, 26 and
30-31.

3. Applicant argues Brownlie in view of Donohue's disclosure of updating security policy
"as defined in claim 1". Applicant argues that "Donohue does not appear to be at all 
concerned with updating any security policy on the network" and that "installing new 
versions of computer software programs is not the same as these features of claim 
1". 

4. The examiner points out that Donohue discloses the update mechanisms
implemented in the art of computing. As a result, Brownlie in view of Donohue
is relevant to the update process of a security policy.
5. Applicant also argues the examiner's statement that "keeping track of a series of
incremental changes of the security policy, computing an accumulated delta that 
reflects the series of incremental changes and sending the accumulated delta to the 
security engine from the policy manager such that the security engine uses the delta 
to update the local customized security policy" would have been an obvious variation 
of possible security implementations, stating that a plurality of rules can include 
hundreds or thousands of access rules which are constantly being updated and 
modified by various users or applications and as a result the claimed method would 
provide efficiency. 

6. The examiner points out that efficiency of applicant's invention has never been
questioned. In fact, the examiner provided additional commonly recognized benefits 
of such an implementation. However, updating by either use of a full update or 
incremental updates is simply an obvious variation of data update methodology well 
known in the art, as illustrated in this Office Action by Brownlie and Donohue as well 
as commonly encountered in implementation of Microsoft patches, routing 
information synchronization and Anti-Virus software definition files updates. 

7. Applicant arguments directed towards the newly added limitations are addressed in 
this Office Action, below. 

8. Claims 1-9 and 21-31 have been examined. 



Claim Objections 
9. Claims 1-9 and 21-31 are objected to because of the following informalities: claims
1, 21, 26 and 30-31 recite: "the application" followed by "an application". For 
purposes of further examination the phrase is treated as though applicant mixed the 
order of the terms. 

Appropriate correction is required. 

Claim Rejections - 35 USC §103 

10. Claims 1-2, 5, 7-8, 21-31 are rejected under 35 U.S.C. 103(a) as obvious over 
Johnson (U.S. Patent No. 6295607) in view of Brownlie et al. (U.S. Patent No.
6202157) and further in view of Donohue (U.S. Patent 6199204). 

Johnson discloses a policy manager, coupled to a network, including a database for 
storing a customized security policy including a plurality of rules that control user 
access to applications used to evaluate an access request by matching it to one or 
more of the plurality of rules and granting or denying access to the application based 
on the evaluation (col. 5 lines 23-37, col. 5 line 66-col. 6 line 5 and Fig. 5). 

11. Johnson is silent regarding the policy manager including a policy distributor,
coupled to the database, for distributing the plurality of rules through the network to 
a security engine located on a client coupled to the network, and the security engine 
storing a set of the plurality of rules constituting the local customized security policy 
received through the network from the policy distributor and for enforcing the 
customized security policy locally at the client. 
Brownlie et al. discloses a policy manager including a policy distributor, coupled to a
database, for distributing plurality of rules through the network to a security engine 
located on a client coupled to the network and not coupled to an application; the 
security engine storing a set of the plurality of rules constituting the local customized 
security policy received through the network from the policy distributor and for 
enforcing the customized security policy locally at the client (Brownlie et al., col. 3 
line 25-col. 4 line 2, col. 4 lines 47-50 and col. 7 lines 1-49).
Both Johnson and Brownlie et al.'s systems are directed towards policies in the 
network environment. Thus, the advantages of the systems of Johnson and Brownlie 
et al. could have been easily combinable with more than reasonable expectations of 
success. Additionally, it would have been obvious to one of ordinary skill in the art at 
the time of applicant's invention to include policy distributor in the policy manager, 
for distributing the plurality of rules through the network to a security engine located 
on a client coupled to the network, and the security engine to store a set of the 
plurality of rules constituting the local customized security policy received through 
the network from the policy distributor and for enforcing the customized security 
policy locally at the client as taught by Brownlie et al. One of ordinary skill in the art
would have been motivated to perform such a modification in order to provide 
flexible policies for differing nodes or for differing environments. 
Johnson in view of Brownlie et al. is silent in regard to the specific implementation of 
incremental changes to a security policy. Specifically, Johnson in view of Brownlie 
et al. do not disclose that updates involve keeping track of a series of incremental 
changes, computing an accumulated delta that reflects the series of incremental
changes and sending the accumulated delta to the subject implementing the 
changes (the security engine) from a distributor (the policy manager) such that the 
subject uses the delta to update the current setting (the current local customized 
security policy). 

Donohue discloses the process of updating computing systems that involves 
keeping track of a series of incremental changes (Donohue, col. 7 line 59-col. 8 
line 10 and Fig. 2), computing an accumulated delta that reflects the series of
incremental changes (e.g. col. 7 line 66-col. 8 line 2 and col. 9 lines 44-58) and 
sending the accumulated delta to the subject implementing the changes from a 
distributor such that the subject uses the delta to update the current setting 
(Donohue, col. 4 line 23-28). 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to compute an accumulated delta that reflects the series of incremental 
changes and send the accumulated delta to the subject implementing the changes 
from a distributor such that the subject uses the delta to update the current setting 
giving the benefit of more efficient updates of security policies (e.g. providing 
additional features on an incremental basis such that clients receive new product 
features sooner and with no effort) while saving network bandwidth. 
12. The examiner also points out that the new limitations are simply an obvious variation 
of possible security change implementations. In network environment it is infeasible 
to ensure that incremental changes are implemented by all subjects (clients with 
security engines) at the same time. For example, in addition to subjects available for
updates, some may be shut down (e.g. a user taking vacation) and some may not be 
even in a distributor network (e.g. a user taking a laptop for a business trip). As a 
result, comprehensive updates to already present policy must account for the time 
difference that results in a different set of incremental changes distributed to policy 
subjects. Thus, it would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to keep track of incremental changes that would allow 
computation of an accumulated delta that reflects the series of incremental changes
(for a particular subject) distributed to a particular subject given the benefit of a 
comprehensive update of each subject using a minimum of network bandwidth and a 
flexible update schedule. 
13. Furthermore, there are essentially only a few possibilities to update current 
configuration (such as policies) in order to reflect the most current desirable state 
(the most current overall configuration), which could include multiple intermediate 
updates. The newest most current overall configuration settings could be used to 
overwrite the current configuration. The changes could be implemented gradually, or 
only the difference (delta) between the current and most updated overall 
configuration could be installed. (The last one reads on the claimed limitations.) Any
of these implementations are obvious variations of each other. However, taking in
consideration time and network bandwidth required to deliver and update all network 
subjects, the delta implementation would have been the most obvious choice. 
Transferring less data via the network minimizes the use of the network bandwidth, and
less data to install speeds up the update process and minimizes the possibility of errors.

14. As per claims 25 and 29, incremental changes inherently include one or more of 
adding, deleting and amending. 

15. As per claims 22-23 and 27-28, the table disclosed by Donohue in Fig. 2 reads on a 
policy tracking table. Furthermore, Official Notice is taken that it is old and
well-known practice to store data in a table and to use the stored data in reconstruction of
a computer system to a previous state. It would have been obvious to one of
ordinary skill in the art at the time of applicant's invention to reconstruct a computer 
state to the previous version using earlier stored and distributed data given the 
benefit of a quick troubleshooting of problems, potentially introduced by the data. 

16. Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Johnson 
(U.S. Patent No. 6295607) in view of Brownlie et al. (U.S. Patent No. 6202157) and 
Donohue (U.S. Patent 6199204) and further in view of Wang (U.S. Patent No. 
5956521). 

Johnson in view of Brownlie et al. and Donohue discloses that the policy manager 
and the policy distributor are hosted on a first server (Brownlie et al., col. 3 lines 27- 
34, 54-56 and 61-63), the security engine and the application are hosted on a 
second node, and the first and second node are communicatively coupled to each 
other through the network (col. 3 lines 61-63).

17. Brownlie et al. do not explicitly teach that the second node is a server.
Wang teaches a plurality of nodes that are servers (Wang, Fig. 3).
It would have been obvious to one of ordinary skill in the art at the time of applicant's
enforceable security policy invention as disclosed by Brownlie et al. into systems 
with nodes that are servers as taught by Wang. One of ordinary skill in the art would 
have been motivated to perform such a modification in order to provide an 
enforceable flexible security policy for each network node including servers. 

18. Claims 3-4 and 9 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Johnson (U.S. Patent No. 6295607) in view of Brownlie et al. (U.S. Patent No. 
6202157) and Donohue (U.S. Patent 6199204) and further in view of TRCKA et al.
(U.S. Pub. No. 20010039579) and Microsoft Press (Computer Dictionary, 3rd 
Edition, ISBN: 157231446XA, 1997). 

Johnson in view of Brownlie et al. and Donohue disclose the security engine for 
evaluating a request to access the application based on the set of the plurality of 
rules, as discussed above. 

19. Johnson in view of Brownlie et al. and Donohue do not explicitly teach a plug-in 
application programming interface (API) for enabling communication between the 
application and the engine. 

TRCKA et al. teach utilizing API to enable application communication [101]. 
It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to provide API for enabling communication between the application and the 
engine as taught by TRCKA et al. One of ordinary skill in the art would have been
motivated to perform such a modification in order to code efficiency by allowing 
significant amount of code to be re-used [103]. 
20. Furthermore, Microsoft teaches a plug-in (Microsoft Press, pg. 370).

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate a plug-in API as taught by Microsoft. One of ordinary skill in 
the art would have been motivated to perform such a modification in order to provide 
additional functionality (Microsoft, pg. 410). 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: 

Hummel (U.S. Patent No. 6584454), 
Butman (U.S. Patent No. 5867667), 
Brown (U.S. Patent No. 6618806), 
Graham (U.S. Patent No. 5826000), 
Freund (U.S. Patent No. 5987611).

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter Poltorak whose telephone number is (571) 272-3840.
The examiner can normally be reached Monday through Thursday from 9:00
a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand, can be reached on (571) 272-3811. The fax phone number
for the organization where this application or proceeding is assigned is (571) 273-8300.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 





